{
  "threat_severity" : "Moderate",
  "public_date" : "2025-10-22T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: ipv6: Fix out-of-bounds access in ipv6_find_tlv()",
    "id" : "2405713",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2405713"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.3",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-125",
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nipv6: Fix out-of-bounds access in ipv6_find_tlv()\noptlen is fetched without checking whether there is more than one byte to parse.\nIt can lead to out-of-bounds access.\nFound by InfoTeCS on behalf of Linux Verification Center\n(linuxtesting.org) with SVACE.", "An out of bounds (OOB) memory access flaw was found in the Linux kernel's ipv6 network subsystem. This could allow a local attacker to crash the system or leak kernel internal information." ],
  "statement" : "The function ipv6_find_tlv() parsed IPv6 extension headers without checking that at least two bytes were available before reading the option length field.\nAn attacker could send a malformed IPv6 packet with a truncated extension header, causing an out-of-bounds read and potential kernel crash or memory fault while parsing.\nThe fix adds a length check (if (len < 2) goto bad;) before accessing the second byte, preventing buffer overrun.\nThis issue is remotely triggerable via network traffic and can lead to kernel panic (DoS) or, in rare cases, information leakage through speculative execution paths.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 7 Extended Lifecycle Support",
    "release_date" : "2026-01-19T00:00:00Z",
    "advisory" : "RHSA-2026:0754",
    "cpe" : "cpe:/a:redhat:rhel_extras_rt_els:7",
    "package" : "kernel-rt-0:3.10.0-1160.145.1.rt56.1297.el7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7 Extended Lifecycle Support",
    "release_date" : "2026-01-19T00:00:00Z",
    "advisory" : "RHSA-2026:0755",
    "cpe" : "cpe:/o:redhat:rhel_els:7",
    "package" : "kernel-0:3.10.0-1160.145.1.el7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2024-05-22T00:00:00Z",
    "advisory" : "RHSA-2024:3138",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8",
    "package" : "kernel-0:4.18.0-553.el8_10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.2 Advanced Update Support",
    "release_date" : "2026-01-28T00:00:00Z",
    "advisory" : "RHSA-2026:1512",
    "cpe" : "cpe:/o:redhat:rhel_aus:8.2",
    "package" : "kernel-0:4.18.0-193.183.1.el8_2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
    "release_date" : "2026-01-14T00:00:00Z",
    "advisory" : "RHSA-2026:0533",
    "cpe" : "cpe:/o:redhat:rhel_aus:8.4",
    "package" : "kernel-0:4.18.0-305.183.1.el8_4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On",
    "release_date" : "2026-01-14T00:00:00Z",
    "advisory" : "RHSA-2026:0533",
    "cpe" : "cpe:/o:redhat:rhel_eus_long_life:8.4",
    "package" : "kernel-0:4.18.0-305.183.1.el8_4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
    "release_date" : "2026-01-28T00:00:00Z",
    "advisory" : "RHSA-2026:1442",
    "cpe" : "cpe:/o:redhat:rhel_aus:8.6",
    "package" : "kernel-0:4.18.0-372.177.1.el8_6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
    "release_date" : "2026-01-28T00:00:00Z",
    "advisory" : "RHSA-2026:1442",
    "cpe" : "cpe:/o:redhat:rhel_tus:8.6",
    "package" : "kernel-0:4.18.0-372.177.1.el8_6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
    "release_date" : "2026-01-28T00:00:00Z",
    "advisory" : "RHSA-2026:1442",
    "cpe" : "cpe:/o:redhat:rhel_e4s:8.6",
    "package" : "kernel-0:4.18.0-372.177.1.el8_6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.8 Telecommunications Update Service",
    "release_date" : "2026-01-14T00:00:00Z",
    "advisory" : "RHSA-2026:0532",
    "cpe" : "cpe:/o:redhat:rhel_tus:8.8",
    "package" : "kernel-0:4.18.0-477.124.1.el8_8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions",
    "release_date" : "2026-01-14T00:00:00Z",
    "advisory" : "RHSA-2026:0532",
    "cpe" : "cpe:/o:redhat:rhel_e4s:8.8",
    "package" : "kernel-0:4.18.0-477.124.1.el8_8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2023-11-07T00:00:00Z",
    "advisory" : "RHSA-2023:6583",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-362.8.1.el9_3"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2023-11-07T00:00:00Z",
    "advisory" : "RHSA-2023:6583",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-362.8.1.el9_3"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
    "release_date" : "2026-01-14T00:00:00Z",
    "advisory" : "RHSA-2026:0576",
    "cpe" : "cpe:/a:redhat:rhel_e4s:9.0",
    "package" : "kernel-0:5.14.0-70.161.1.el9_0"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
    "release_date" : "2026-01-14T00:00:00Z",
    "advisory" : "RHSA-2026:0537",
    "cpe" : "cpe:/a:redhat:rhel_e4s:9.0::nfv",
    "package" : "kernel-rt-0:5.14.0-70.161.1.rt21.233.el9_0"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions",
    "release_date" : "2026-01-28T00:00:00Z",
    "advisory" : "RHSA-2026:1441",
    "cpe" : "cpe:/a:redhat:rhel_e4s:9.2",
    "package" : "kernel-0:5.14.0-284.154.1.el9_2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions",
    "release_date" : "2026-01-28T00:00:00Z",
    "advisory" : "RHSA-2026:1443",
    "cpe" : "cpe:/a:redhat:rhel_e4s:9.2::nfv",
    "package" : "kernel-rt-0:5.14.0-284.154.1.rt14.439.el9_2"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2023-53705\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-53705\nhttps://lore.kernel.org/linux-cve-announce/2025102212-CVE-2023-53705-38d9@gregkh/T" ],
  "name" : "CVE-2023-53705",
  "mitigation" : {
    "value" : "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
    "lang" : "en:us"
  },
  "csaw" : false
}